New amendments to cybercrime laws have given the government broad authority to block websites and online applications it deems harmful, deepening worries about the state’s crackdown over the freedom of expression.
- •The Computer Misuse and Cybercrime (Amendment) Act, 2024, was one of the bills signed into law by President William Ruto on Wednesday, October 15.
- •The amendments empower the National Computer and Cybercrimes Coordination Committee to order internet providers to make websites or applications inaccessible if they are deemed to promote pornography, terrorism, or the nebulous “extreme religious and cultic practices.”
- •The committee, composed largely of security officials, may act without a court order or public oversight.
Beyond censorship, the Act broadens the offence of cyber harassment to cover conduct “likely to cause” someone to commit suicide. However, this provision doesn’t spell out what that means; thus leaving room for subjective interpretation that authorities could use to criminalize different forms of speech.
Last year during the Gen-Z outrage against the Finance Bill 2024, social media became a vent for frustration against political leaders who were in support of the proposed law. Many of them claimed that they were cyber bullied and insulted, prompting their suggestion to criminalize verbal attacks against them.
Criminalizing the Internet
Earlier this year, human rights group ‘Article 19’ urged parliament to withdraw the Computer Misuse and Cybercrimes (Amendment) Bill, saying it violates international human rights standards and threatens freedom of expression.
The organization argued that the law’s vague language and sweeping powers would allow officials to silence critics and restrict online communication under the guise of fighting terrorism or extremism.
Without tighter definitions and safeguards, Article 19 warns, the amendments could criminalize ordinary speech, chill online debate, and erode Kenya’s growing reputation as one of Africa’s most open digital societies.
The new changes also extend phishing to include fraudulent phone calls, and introduces a penalty for unauthorized SIM swaps. SIM-swap fraud, a fast-growing form of identity theft, involves criminals convincing mobile carriers to transfer a victim’s phone number to a new SIM card under their control.
Once the switch is made, the fraudsters can intercept calls and text messages, including one-time passwords used for online banking and account verification, giving them access to financial accounts and other personal data.
Government officials have defended the amendments as a necessary upgrade to the outdated rules in the 2018 law, saying it will help fight online fraud, extremist propaganda, and SIM-swap scams that have surged with the country’s digital boom. They argue the measure strengthens national security and protects citizens from digital abuse, insisting it targets criminals, not critics.
What’s Next
A second related bill, still snaking its way through the legislature, seeks to replace the flat-rate internet model with metered billing, forcing providers to track and charge users by the byte. Proposed by Aldai MP Maryanne Keitanny, this bill will also introduce requirements for customers to register detailed personal information before getting online.
Operators will be required to collect and store detailed identification information from subscribers before providing services. This includes full names, ID numbers, birth dates, gender, and physical and postal addresses for individuals, and registration particulars for corporate or statutory bodies.
Mandatory tracking systems and annual reporting requirements would not only mean higher costs and fewer players in the market, but the state broadening its control on internet users.